Vulnerability Assessments

Vulnerability Assessments and Penetration Testing are a valid method of assessing IT security risks and developing a plan to address them for an organization. The scope of a vulnerability assessment can be limited to an organizations externally exposed systems such as their Internet point of presence or it can be much broader in scope including core infrastructure and line of business applications. The value of the vulnerability assessment is that it identifies vulnerabilities on a wide scale basis and can indicate larger IT security issues within the infrastructure. If required, focused penetration testing on high sensitivity systems can also be performed. The value of penetration testing is that it provides the client with an actual measurement of how hard or easy it would be break into a particular system through the testing and attempted circumvention of security controls. Regular vulnerability assessments and penetration tests are an essential element of an ongoing IT security risk management program within an organization.